Forum Discussion

maurizio's avatar
maurizio
Icon for Nimbostratus rankNimbostratus
Aug 10, 2022

change ssl profile(client) by server name invoked

Hello I have a virtual server that exposes a wildcard certificate.

Now I need to change the certificate when the server name changes.

Example:

if I contact https://site.domainA.com expose the profile ssl profile (client) profileA

if I contact https://site.domainB.com  expose the profile profile ssl profile (client) profileB

Is it possible to create a policy or an irule?

Thank you

  • Hi maurizio,

    • Create two client-ssl profiles. One for the wild_domainA certificate and the other for the wild_domainB certificate.
    • Check "Default SSL Profile for SNI" option in one of the client-ssl profiles.
    • Assign the client-ssl profiles to virtual server.

    Default SSL Profile for SNI indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support. Note that when assigning multiple SSL profiles to a single virtual server, you can enable this setting on one Client SSL profile only and on one Server SSL profile only. The default for this setting is unchecked.